Application Serial No. 10/091,479 
Amendment dated November 17, 2006 

This listing of claims will replace all prior versions, and listings, of claims in the application: 
Listing of Claims; 

1-27. (Cancelled). 

28. (Currently Amended) A method for clustered Secure Sockets Layer (SSL) 
acceleration, comprising the steps of: 

coimecting at least two SSL relays in a cluster; 

establishing a communication path between a first node and a second node via a first SSL 
relay of the cluste r, wherein the communication path includes an SSL connection between the 
first node and the first SSL relay ; 

transferring information between the first node and the first SSL relay, wherein the 
transferred information relatesd to a communication from the first node to the second node and 
wherein the transferred information includes a record; 

transferring the information between the first SSL relay and the second node; 

r e c e iving an acknowl e dg e m e nt from th e s e cond nod e in r e spons e to d e t e rmining that th e 
transferred information is a fiiU record; and 

clustering state information of the communication path in rosponso to whcn the record 
rec e iving th e acknowledgment from the second nod e h as been acknowledged by the second node , 
the clustering comprising sharing the state information between the first SSL relay and at least a 
second SSL relay of the cluster, wherein the second SSL relay is capable of taking over 
communications between the first and second nodes upon failure of the first SSL relay. 

29. (Previously Presented) The method according to claim 28, wherein the first node 
comprises a client and the second node comprises a server. 

30. (Currently Amended) The method according to claim 28, fiirther comprising 
transferring the information associat e d r elated to w ife-the communication between the first node 
and the second node to the second SSL relay transparently upon failure of the first SSL relay. 
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3 1 . (Previously Presented) The method according to claim 28, further comprising 
transmitting the communication from the first node to the second SSL relay and from the second 
SSL relay to the second node fransparently upon failure of the first SSL relay. 

32. (Cancelled). 

33. (Cancelled). 

34. (Previously Presented) The method according to claim 28, fiirther comprising 
sharing an SSL session cache across all of the at least two SSL relays. 

35. (Previously Presented) The method according to claim 28, further comprising 
clustering an SSL session resumption between the first node and the first SSL relay. 

36. (Previously Presented) The method according to claim 28, further comprising 
clustering cryptographic keying information across all of the at least two SSL relays. 

37. (Previously Presented) The method according to claim 36, fiirther comprising 
clustering a key and a current Cipher Block Chaining (CBC) residue. 

38. (Previously Presented) The method according to claim 36, further comprising 
clustering a sequence number. 

39. (Previously Presented) The method according to claim 36, fiirther comprising 
clustering a current key schedule. 

40. (Previously Presented) The method according to claim 36, fiirther comprising 
clustering a key and an offset into a key sfream. 
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41 . (Previously Presented) The method according to claim 28, further comprising 
clustering a cipher state. 

42. (Previously Presented) The method according to claim 28, further comprising 
clustering data from a partial record corresponding to data fi-om either the first or second node. 

43. (Currently Amended) The method according to claim 28, further comprising 
clustering an information siz e boforo the information is transmitted . 

44. (Currently Amended) A system for clustered Secure Sockets Layer (SSL) 

acceleration comprising: 
a first node; 
a second node; and 

an SSL relay cluster for connecting the first node and the second node comprising: 
a first SSL relay configured to cluster an SSL handshake stat e information in 

response to foUowing reception o f receiving athe SSL client handshake from the first node; and 
a second SSL relay configured to transmit an acknowledgment to the first SSL 

relay upen -after receiving update the state information from the first SSL relay , 

wherein the first SSL relay is further configured to transmit a handshake 

acknowledgment message to the first node foUowin g upon receiving reception of t he 

acknowledgment from the second SSL relay. 

45. (Previously Presented) The system according to claim 44, wherein the first node 
comprises a client and the second node comprises a server. 

46. (Currently Amended) A computer readable medium storing computer readable 
instructions that, when executed by a processor, perform a method comprising: 

establishing a coimection between a first node and a second node via a first SSL relay of 
an SSL relay cluster, wherein said SSL relay cluster comprises at least two intercoimected SSL 



Page 4 of 11 



Application Serial No. 10/091,479 
Amendment dated November 17, 2006 



relays and wherein the connection includes an SSL connection between the first SSL relay and 
the first node ; 

receiving a data communication from the first node , wherein at least a portion of the data 
communication is structured as a record : 

fransmitting the data communication to the second node; 

receiving a first acknowledgment from the second node , wherein the first 
acknowledgment acknowledges the recor d in r e sponse to a determination that the transmitted 
data communication is a fiiU record ; 



information of the established connection with at least a second SSL relay of the SSL relay 
cluster; and 

receiving a second acknowledgment from the at least second SSL relay in the SSL relay 
cluster confirming successfiil clustering. 

47. (Previously Presented) The computer readable medium according to claim 46, 
wherein the second SSL relay assumes the first SSL relay's responsibilities upon failure of the 
first SSL relay. 

48. (Previously Presented) The computer readable medium according to claim 46, 
wherein the first node comprises a client and the second node comprises a server. 

49. (Currently Amended) An SSL relay, the SSL relay coimected in a cluster of SSL 
relays, comprising: 

a first interface for fransferring information between a first node and the SSL relay^ 
wherein the first interface includes an SSL connection between the first node and the SSL relay 
and wherein the information includes record formatted data ; 

a second interface for fransferring the information between a second node and the SSL 

relay; 

a third interface for fransferring state information between SSL relays in the cluste r when 
the record formatted data has been acknowledged by the second nod e only in rosponso to an 





^following reception of the first acknowledgment, clustering state 
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aclaiowlodgmont from tho socond nodo, whoroin tho aclaiowlodgmont is roooivod in rosponso to 
a determination that the transferred information is a frill r e cord ; and 

a storage device, wherein state information of an SSL connection between the first node 
and the SSL relay is shared across each SSL relay in the cluster, any of the SSL relays in the 
cluster capable of taking over all connections of another SSL relay in the cluster, wherein the 
storage device is fiirther configured to store the transferred information in a queue until 
acknowledgement is received from the second node. 

50. (Currently Amended) The apparatus SSL relay according to claim 49, wherein 
the first node is a client and the second node is a server. 

5 1 . (Currently Amended) The apparatus SSL relay according to claim 49, wherein the 
first interface and the second interface are the same. 

52. (Currently Amended) The apparatus SSL relay according to claim 49, wherein 
the second interface and the third interface are the same. 

53. (Currently Amended) The apparatus SSL relay according to claim 49. wherein 
the first interface and the third interface are the same. 

54. (Currently Amended) The apparatus SSL relay according to claim 49, wherein 
the first interface and the second interface and the third interface are the same. 

55. (Currently Amended) The method of claim 28, frirther including the steps of: 

setting a timer when the record is read, wherein the record is a partial record: and 

clustering the partial record if the timer expires. 

clustering the transferred information in r e spons e to d e t e rmining that th e transf e rr e d 

information is a partial record; and 

transmitting a partial acknowledgment to tho first nodo upon clustering tho transferred 

information. 
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56. (Currently Amended) The method of claim 55, wherei n the timer corresponds to 
two times a packet interval time the step of d e t e rmining that transf e rr e d information is a partial 
record includes determining whether a packet interval timer has expired . 

57. (Currently Amended) The method of claim 28, further including the step of 
storing an unacknowledged portion of t he transf e rr e d information transferred between the first 
SSL relay and the second node in a queu e until the information has boon acknowledged by the 
second node . 

58. (Currently Amended) The method of claim 57, wherein the unacknowledged 
portion of the t ransferred information transferred between the first SSL relay and the second 
node is stored in the queue with a cipher state associated with the information. 

59. (Currently Amended) The system of claim 44, wherein the state -update 
information includes at least one of: a new TCP state, a current value of SSL handshake hashes 
and a handshake to enter upon failove r a client random value, a server random value and a 
chos e n ciph e r suit e. 

60. (Previously Presented) The system of claim 44, wherein the handshake 
acknowledgement message includes at least one of a server handshake and a server handshake 
completion message. 

61 . (Currently Amended) The system of claim 60, wherein the first node is 
configured to transmit a key exchange message upon roooiving once t he server handshake 
completion message is received . 

62. (Currently Amended) The computer readable medium of claim 46, further 
including comprising additional instructions for performing t he steps of: 

setting a timer when the record is read, wherein the record is a partial record: and 
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clustering the partial record if the timer expires. 

clustering the data communication in response to d e termining that th e data 

communication is a partial record; and 

transmitting a partial acknowledgment to the first node upon clustering the data 

communication. 



63 . (Currently Amended) The computer readable medium of claim 62, wherein the 
timer corresponds to two times a packet interval tim e stop of determining that the data 
communication is a partial record includes determining whether a packet interval timer has 



64. (Currently Amended) The computer readable medium of claim 46, further 
including the step of storing an unacknowledged portion of the data communication in a queue 
until th e data communication has been acknowledged by th e s e cond nod e. 

65 . (Previously Presented) The computer readable medium of claim 64, 
wherein the data communication is stored in the queue with a cipher state associated with the 
record. 



Page 8 of 11 



